$ ls -l foo
rws--x--- 1 root cheat 16915 Mar 3 2026 foo
$ file foo
foo: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, not stripped
$ id
uid=1851(ti) gid=100(users) groups=100(users),496(wheel),500(cheat)
On openSUSE Leap 15.4, I can run this executable successfully and it gains root privilege. Now I have the same exact executable with the same permissions on openSUSE Leap 16.0, but when I try to run it, I get this error:
You mean you do not know if you are using it?
Where you using AppArmor before the switch 15.6 > 16.0? Then you probably also switched from AppArmor > SELinux.
I am not running either, but the forums here have several threads with unexpected permission and similar problems that turn out to be caused by SELinux. That is why I ask.
For test you could switch it off, but I have no idea how to do that. Search these forums
I did some web searching about SELinux, and how to turn it off. Looks like I don’t have SELinux installed on my Leap 16.0 system at all. The SELinux config file /etc/selinux/config isn’t there, and the SELinux related commands are also missing (such as sestatus, getenfotce, etc.
So, I think that SELinux isn’t what’s causing the permission denied error with the setuid root executable. Am I right? If so, what else might be the issue?
@amblabs … one unknown is “how did you install Leap 16” …
did you do an upgrade from a previous version of Leap (yes? which version?)
Or did you do a fresh install using an ISO burned to a USB stick, which uses the Agama installer? If this choice, it’s highly likely SELinux is being used.
Maybe some other method? which?
So, to absolutely determine if running on SELinux or not, boot into your Leap 16 system and execute this at a command line:
See the “security=xxxx” output … on my Leap (15.6) machine, it’s using Apparmor. Let us know the output on your machine. (would be nice to show us the output).
Hi @myswtest, My openSUSE Leap 16.0 system was a fresh install, not an upgrade from a previous version. As for what the installer was, I couldn’t say, it was whatever the ISO image provided.
root# sestatus
The program 'sestatus' can be found in following packages:
* policycoreutils [ path: /usr/bin/sestatus, repository: Leap ]
* policycoreutils [ path: /usr/sbin/sestatus, repository: Leap ]
* policycoreutils [ path: /usr/bin/sestatus, repository: openSUSE:repo-oss ]
* policycoreutils [ path: /usr/sbin/sestatus, repository: openSUSE:repo-oss ]
Try installing with:
sudo zypper install <selected_package>
[quote]32 bit, Intel 80386, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5
Can that be the problem?[/quote]
Why would that be a problem? A 64-bit OS should be able to run 32-bit executables as long as the needed32-bit dynamic libraries are present. openSUSE had always been able to do that, why should Leap 16.0 be an exception? If any libraries were missing, then it wouldn’t be a “Permission denied” error. The following command shows that in my case, the executable doesn’t even need dynamic libraries. It’s was statically linked at compile time. I have used this executable successfully on SuSE Linux machines over many years, starting from SuSE version 8.x, openSUSE 10.x 11.x, 12.x, 42.x, Leap 15.4 and it worked over the generations except now on Leap 16.0.
@malcolmlewis Thank you! That was it. After installing the grub2-compat-ia32 package, which installs some 32-bit libraries, and (most importantly in my case) adds ia32_emulation=1 to thre kernel command line, the executable now works as it did in previous openSUSE versions.
